Are the posted questions getting worse?

  • This was removed by the editor as SPAM

  • This was removed by the editor as SPAM

  • Phil Parkin wrote:

    Out of interest, are the spammers (and their bots) using the standard GUI to create these posts, or is there a back door that they've hacked into?

    they are using some kind of scripting tool to do it - easy enough to do it (if you know what to do), and scammers just pick up those scripts and run them.

  • frederico_fonseca wrote:

    Phil Parkin wrote:

    Out of interest, are the spammers (and their bots) using the standard GUI to create these posts, or is there a back door that they've hacked into?

    they are using some kind of scripting tool to do it - easy enough to do it (if you know what to do), and scammers just pick up those scripts and run them.

    For sure, but that does not answer my question. Does this tool emulate a human by doing clicks/submits in the GUI, or is there a hack which allows them to (effectively) bypass the GUI and run INSERTs to the table of posts?


  • Phil Parkin wrote:

    frederico_fonseca wrote:

    Phil Parkin wrote:

    Out of interest, are the spammers (and their bots) using the standard GUI to create these posts, or is there a back door that they've hacked into?

    they are using some kind of scripting tool to do it - easy enough to do it (if you know what to do), and scammers just pick up those scripts and run them.

    For sure, but that does not answer my question. Does this tool emulate a human by doing clicks/submits in the GUI, or is there a hack which allows them to (effectively) bypass the GUI and run INSERTs to the table of posts?

    in a way it goes through the UI code by emulating the required clicks/typing

  • Thanks. I was asking because I was wondering whether your suggested countermeasures would even be effective.

    I had to turn off notifications to pretty much all forums as a result of the spamathon. This site is dying a death, I'm afraid, and AI is only partially to blame.


  • What is it with people claiming they are an 8 out of 10 on SQL Server, or in one case a 10 out of 10 on Oracle, and then not knowing how recovery models work with specific restore scenarios, how AG data movement works, or how to get the date and time from the server?

    I mean, seriously. If you claim 10/10, you'd best have invented the platform and know things that no person interviewing you understands about the platform, right?

    I ask two questions at the start of every interview. One of them is a trick question, but anyone who knows SQL Server that well should be able to answer it. The other is related to date and time.

    We've caught so many people using AI or regular web searches during the interview, then parroting back what they found before they realize they've stumbled on the common answer, not the correct answer. And the one "there are functions" response to the question about the date makes me want to pound my head against the desk.

    Them: "I'm an expert in query tuning."

    Us: "Great let's talk execution plans." We say after they claim to use them.

    Them: "Uhhhhh...." And then they can't answer a single question about execution plans. Not even tell us one object inside an execution plan.

    It makes my head hurt. Just once I'd like to interview someone who doesn't talk around the question instead of answer it.

    Brandie Tarvin, MCITP Database Administrator
    LiveJournal Blog: http://brandietarvin.livejournal.com/
    On LinkedIn!, Google+, and Twitter.
    Freelance Writer: Shadowrun
    Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • Brandie Tarvin wrote:

    What is it with people claiming they are an 8 out of 10 on SQL Server, or in one case a 10 out of 10 on Oracle, and then not knowing how recovery models work with specific restore scenarios, how AG data movement works, or how to get the date and time from the server?

    I mean, seriously. If you claim 10/10, you'd best have invented the platform and know things that no person interviewing you understands about the platform, right?

    I ask two questions at the start of every interview. One of them is a trick question, but anyone who knows SQL Server that well should be able to answer it. The other is related to date and time.

    We've caught so many people using AI or regular web searches during the interview, then parroting back what they found before they realize they've stumbled on the common answer, not the correct answer. And the one "there are functions" response to the question about the date makes me want to pound my head against the desk.

    Them: "I'm an expert in query tuning."

    Us: "Great let's talk execution plans." We say after they claim to use them.

    Them: "Uhhhhh...." And then they can't answer a single question about execution plans. Not even tell us one object inside an execution plan.

    It makes my head hurt. Just once I'd like to interview someone who doesn't talk around the question instead of answer it.

    Why don't you do a 5 minute pre-interview phone call?

  • Phil Parkin wrote:

    Thanks. I was asking because I was wondering whether your suggested countermeasures would even be effective.

    I had to turn off notifications to pretty much all forums as a result of the spamathon. This site is dying a death, I'm afraid, and AI is only partially to blame.

    Is it possible to add a captcha for all users to post and maintain a white list?

  • Brandie Tarvin wrote:

    What is it with people claiming they are an 8 out of 10 on SQL Server, or in one case a 10 out of 10 on Oracle, and then not knowing how recovery models work with specific restore scenarios, how AG data movement works, or how to get the date and time from the server?

    I mean, seriously. If you claim 10/10, you'd best have invented the platform and know things that no person interviewing you understands about the platform, right?

    I ask two questions at the start of every interview. One of them is a trick question, but anyone who knows SQL Server that well should be able to answer it. The other is related to date and time.

    We've caught so many people using AI or regular web searches during the interview, then parroting back what they found before they realize they've stumbled on the common answer, not the correct answer. And the one "there are functions" response to the question about the date makes me want to pound my head against the desk.

    Them: "I'm an expert in query tuning."

    Us: "Great let's talk execution plans." We say after they claim to use them.

    Them: "Uhhhhh...." And then they can't answer a single question about execution plans. Not even tell us one object inside an execution plan.

    It makes my head hurt. Just once I'd like to interview someone who doesn't talk around the question instead of answer it.

    I totally get it. We just interviewed a guy for a Principal Database Engineer who couldn't answer correctly the first question to explain the different types of JOINs. I just love/hate when they say that OUTER JOINs are different from LEFT JOINs and give an explanation on how they're different.

    We also get the ones that get the perfect explanation including physical join operations, but can't apply that knowledge on the practical part of the interview.

    Luis C.
    General Disclaimer:
    Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

    How to post data/code on a forum to get the best help: Option 1 / Option 2
  • Luis Cazares wrote:

    I totally get it. We just interviewed a guy for a Principal Database Engineer who couldn't answer correctly the first question to explain the different types of JOINs. I just love/hate when they say that OUTER JOINs are different from LEFT JOINs and give an explanation on how they're different.

    We also get the ones that get the perfect explanation including physical join operations, but can't apply that knowledge on the practical part of the interview.

    My favorite elimination question was to get people to explain what blocks and deadlocks are. I would always ask by spelling out B L O C K and D E A D L O C K. I did this so there was no confusion. The vast majority of people would carefully explain what a block is and then carefully explain what a block is.

    Made me absolutely insane. But, we didn't have to bring them in for additional interviews.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • OK, I know it's been a long few days here, with a ton of SPAM posts. We've deactivated a bunch of accounts and set some additional delays to prevent posts by new users for now. Not what we want, but that and expiring a bunch of passwords and mass blocking some users has helped.

    Countermeasures are really hard. We've added delays to prevent bots from signing up and then posting right away, but some of these newer tools will just keep trying to post until it goes through. We're looking at a few ways to potentially prevent them from just issuing POSTs, which appears to be what's happening. I don't think there are automated users clicking the site, but rather just sending in an HTTP POST with the parameters to hit the various forums.

    We have a few other ideas on what to do, but testing to try and prevent legitimate posts from being blocked.

  • OK, I do not like our security environment sometimes...

    3/4s of the way through writing a detailed reply to a post, and our stupid web-scanner forced the page to refresh and lost the post...

    Note, this isn't a forum problem, it's the security environment here at my employer, so this is just me venting...

  • Phil Parkin wrote:

    Out of interest, are the spammers (and their bots) using the standard GUI to create these posts, or is there a back door that they've hacked into?

    No backdoor. They're using WGET/CURL quite a bit. We've blocked those.

    This isn't a hole, it's how the Internet works. Your browser does a GET, renders data, and when you click post/submit/etc, you send an HTTP POST (or PATCH) to the server. That HTTP POST can be automated (as can GETs) with various tools.

    We've added some things looking for CLI tools as opposed to browsers, but potentially those can be spoofed. We're looking at other things.
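
An added example, not part of the thread and not the site's own code: a server-side gate for forum POSTs that combines the two measures described in the posts above (a filter for CLI User-Agents and a posting delay for new accounts) with a signed form token issued on the GET. The token check, every name and every threshold here are assumptions chosen for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret
CLI_AGENTS = ("curl", "wget")     # the tools named in the thread
NEW_USER_DELAY = 24 * 3600        # assumption: length of the new-account delay
MIN_FILL_SECONDS = 3              # assumption: fastest plausible human reply
MAX_TOKEN_AGE = 3600              # assumption: rendered form expires after 1 hour


def _sign(session_id, issued):
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id, now):
    """Embed this in the reply form when the server answers the GET."""
    return f"{int(now)}.{_sign(session_id, int(now))}"


def check_post(session_id, user_agent, account_created, token, now):
    """Return (allowed, reason) for an incoming HTTP POST."""
    # 1. CLI filter. The header is client-supplied, so this only stops
    #    tools that announce themselves.
    ua = (user_agent or "").lower()
    if not ua or any(tool in ua for tool in CLI_AGENTS):
        return False, "cli-user-agent"
    # 2. New accounts must wait before their first post.
    if now - account_created < NEW_USER_DELAY:
        return False, "account-too-new"
    # 3. The POST must carry a token minted for this session by a prior GET.
    try:
        issued_text, sig = token.split(".", 1)
        issued = int(issued_text)
    except (AttributeError, ValueError):
        return False, "missing-form-token"
    expected = _sign(session_id, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad-form-token"
    age = now - issued
    if age < MIN_FILL_SECONDS:
        return False, "posted-too-fast"
    if age > MAX_TOKEN_AGE:
        return False, "form-expired"
    return True, "ok"
```

The token shows only that the form was fetched in that session and held for a few seconds, so it raises the cost of automated posting and gives rate limits a session to key on; it does not prove a human is present.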
